Minor update to vCenter 7.0Update 3c/3d/3e/3f from an older 7.0 version fails with error "invalid type expected string instead got none type"
search cancel

Minor update to vCenter 7.0Update 3c/3d/3e/3f from an older 7.0 version fails with error "invalid type expected string instead got none type"

book

Article ID: 326224

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:

  • Attempts to update vCenter to 7.0 Update 3c, Update 3d, Update 3e or Update 3f fail with "invalid type expected string instead got none type"

  • Patchrunner.log, located in /var/log/vmware/applmgmt/, contains the following error stack:

    2022-07-18 06:39:31,586.586Z content-library:Patch ERROR vmware_b2b.patching.executor.hook_executor Patch hook 'content-library:Patch' failed.
Traceback (most recent call last):
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor.py", line 74, in executeHook
  executionResult = systemExtension(args)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/libs/sdk/extensions.py", line 106, in __call__
  result = self.extension(*args)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/libs/sdk/extensions.py", line 123, in _func
  return func(*args)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/__init__.py", line 279, in execute_patch
  register_cls()
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/add_new_cls_privileges.py", line 151, in register_cls
  reg_info.registerAll(solution_user_name, solution_user_id, service_id=service_id)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 387, in registerAll
  self.registerUserAndService(user_name, user_id, service, service_id=service_id)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 422, in registerUserAndService
  create_sso_groups(service_spec)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 623, in create_sso_groups
  authz_patch.assign_groups_to_roles(service_spec['group-role'])
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/payload/components-script/content-library/patches/cis_register.py", line 591, in assign_groups_to_roles
  self.domain_name, role, group, True)
 File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 706, in set_permission
  self._authz_service)
 File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 685, in create_access_control
  role_ids.append(role_objs_dict[rolename])
KeyError: 'com.vmware.Content.Registry.Admin'
2022-07-18T06:39:31.597Z ERROR vmware_b2b.patching.phases.patcher Patch hook Patch got ComponentWrapperError.
Traceback (most recent call last):
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 203, in patch
  _patchComponents(ctx, userData, statusAggregator.reportingQueue)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 85, in _patchComponents
  executeComponentHook(Hook.Patch, ctx, c, userData, reportingQueue)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 98, in executeComponentHook
  reportQueue, identifier, expectedResultType)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 53, in executeHook
  result = executor.executeHook(scriptFile, hook, args, reportQueue, reportIdentifier)
 File "/storage/updatemgr/software-update9r0_rc2_/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor_process.py", line 119, in executeHook
  raise ex
patch_errors.ComponentError
2022-07-18T06:39:32.601Z WARNING root stopping status aggregation...
2022-07-18T06:39:32.602Z ERROR __main__ Patch vCSA failed

     



Environment

VMware vCenter Server 7.0.3

Cause

This error can occur when one of more of the default roles in vCenter have been modified, resulting in their vmwAuthzRoleName property being different from what it should be.
The update installer uses this property to identify the roles to use them when reregistering the services during the update, and will fail when it cannot find a specific role.

Resolution

To resolve this problem you can apply the following steps:

  1. Restore the vCenter backup which you created before trying to update
  2. Download the script repair_roles.sh which is attached to this KB article
  3. Upload the script to your vCenter Server Appliance and pace it in /tmp/. To upload the script per SCP, you need to change the default shell to BASH as outlined in https://kb.vmware.com/s/article/2100508
  4. Using SSH, go in the /tmp/ folder
Note: while most default roles have fixed role IDs, the ID for the role "com.vmware.Content.Admin" can vary. Therefore you need to edit the script and change this ID to the correct one for the specific environment.
  1. To find the role ID for your vCenter, please run the following command: 
    # /opt/likewise/bin/ldapsearch -b "cn=RoleModel,cn=VmwAuthz,cn=Services,dc=vsphere,dc=local" -s sub -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -W | grep -A 4 com.vmware.Content.Admin
When asked for, provide the password for the SSO administrator
The output will look like this: 
vmwAuthzRoleName: com.vmware.Content.Admin
vmwAuthzRoleDescription: Administrator user for Content Library
objectClass: top
objectClass: vmwAuthzRole
cn: 1649641290
Note down the value next to "cn: ", highlighted in green in the example above. This is the role ID.
  1. Now edit the repair_roles.sh script and find the following block: 
    /opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=-1615445737,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF
  2. Change the numeric value for the first cn to the one from your vCenter. Following the example, you would change this to: 
    /opt/likewise/bin/ldapmodify -x -h localhost -p 389 -D 'cn=Administrator,cn=Users,dc=vsphere,dc=local' -W << EOF
dn: cn=1649641290,cn=RoleModel,cn=VmwAuthz,cn=services,dc=vsphere,dc=local
changetype: modify
replace: vmwAuthzRoleName
vmwAuthzRoleName: com.vmware.Content.Admin
EOF
  3. save the script and change the permissions of the file to make it executable: 
    # cd /tmp/
# chmod +x repair_roles.sh
  4. Run the script: 
    # ./repair_roles.sh

Note: While running, the script will ask you for the LDAP password multiple times (8, to be specific). Each time, please enter the password for of the [email protected] account (or of the administrator account of your SSO domain, in case said SSO domain has been named differently).

 
  1. Retry the update.


Attachments

repair_roles get_app
Powered by Wolken Software